Bitcoin targets North Korean hackers, Federal Bank receives automated order to release 61 million







Bangladesh Bank reserve theft: how hackers removed money from Bangladesh Bank by posing as a job seeker. Who are these hackers and where did they work from? Why aren't those involved being identified? Governor Atiur Rahman resigned, taking responsibility. Bangladesh Bank files a case after nearly three years, accusing Philippine banks and bankers.


 

How North Korean hackers were stealing hundreds of millions of dollars

 


Global New News Desk -
In 2016, North Korean hackers planned to steal one billion dollars from the account of the Central Bank of Bangladesh at the Federal Reserve Bank of New York, and they almost succeeded.

But luckily the transfer of the rest of the money, except for 61 million, got stuck. How did one of the world's most isolated and poorest countries create such a large-scale hacking team? Geoff White and Jean H. Lee report for the BBC after a long investigation:

The whole thing started with a faulty printer. This often happens in modern life, so the staff of Bangladesh Bank took it as a common problem like any other day.


It didn't seem like a big deal to them. But it wasn't just a printer problem, and the bank was no ordinary bank.

The Central Bank of Bangladesh 'Bangladesh Bank' is in charge of the country's foreign exchange reserves.

Printers have an important role to play there. The printer is located in a very secure room on the tenth floor of the bank's head office. This printer prints information on billions of dollars in bank transactions.

On Friday, February 5, 2016, at around 9.45 am, the bank staff noticed that the printer was not working. "We assumed it was a common problem like any other day," the bank's duty manager Jubayer Bin Huda later told police. "Such a problem has happened before."

This was the beginning of Bangladesh Bank's problems. The hackers had already broken into the bank's computer network, and at that moment they were launching a most daring cyber attack. Their goal: to steal one billion dollars.

This cyber hacking group has used a wide network of fake bank accounts, charities, casinos and associates to extract money.

According to investigators, the digital evidence points to only one side, the North Korean government.


But who are these hackers and where did they work from?


It may come as a surprise to many that North Korea has been named as the main suspect in a major cyber attack. It is one of the poorest countries in the world and is isolated from the rest of the world in terms of technology, economy and almost everything else.

According to FBI investigators, the hacking of Bangladesh Bank took place with the help of many years of planning, preparation of hacker teams, brokers spread across Asia and the support of the North Korean government.

In the online security world, North Korean hackers are known as the Lazarus Group, a name taken from the Bible, meaning those who come back from the dead.

Very little is known about this group. However, the FBI was able to draw a picture of a suspect, Park Jin-hook, also known as Pak Jin-he and Park Kawang-Jin, as a member of the group.

The FBI describes him as a computer programmer who graduated from one of the country's top universities and worked for a North Korean company called Chosan Expo. On behalf of that organization, he created online games and gambling programs for clients around the world while based in Dalian, a port city in China.

While in Dalian he created an email address, wrote a CV and built a network of contacts using social media.

According to the FBI, his cyber footprints show activity in Dalian from 2002, and he was there until 2013/2014. His internet activity was later traced to the North Korean capital, Pyongyang.

The FBI collected the image in 2011 from an email sent to an outside customer by the manager of the Chosan Expo Company. It shows a bearded 20- to 30-year-old Korean man wearing a black shirt and a chocolate-brown suit.

At first glance, he would seem to be an ordinary person.

However, the FBI says he worked as a programmer during the day but as a hacker at night.



In June 2016, U.S. authorities charged Park with conspiracy to commit computer fraud. He was also accused of wire fraud, using mail or electronic devices, between 2014 and 2016.

If he is ever arrested, he faces up to 20 years in prison.

However, he returned to North Korea from China four years before the allegations were made.

But Park, if it's his real name, didn't become a hacker overnight.

He is one of thousands of young people in North Korea who have been trained from an early age to become cyber-fighters. Children who are good at maths are brought from their schools to the capital at the age of 12 and are given intensive training from morning till night.

When the staff of Bangladesh Bank restarted the printer, they saw a very disturbing message. An urgent message said that the Federal Reserve Bank in New York had been instructed to empty the entire account of Bangladesh Bank, which held one billion dollars. Bangladesh Bank has a US-dollar account at that bank.

Bank employees in Bangladesh tried to contact the Federal Reserve Bank for details, but to no avail.



The hacking activity had started at 8 pm on Thursday, Bangladesh time, when it was morning in New York. As a result, while Bangladesh was asleep, the transactions were going through at the Federal Reserve Bank.

The next morning, a two-day weekly holiday began in Bangladesh on Friday. The head office of Bangladesh Bank is also closed for two days. Then, when the Bangladeshi officials came to know about the theft on Saturday, a two-day weekly holiday started in New York.

"You can see how clever the attack was," said Rakesh Asthana, a US-based cybersecurity expert.

"There is a special purpose to choosing Thursday night. Work goes on in New York on Friday, while holidays in Bangladesh. Then when Bangladesh comes online again, the holiday has started at the Federal Reserve Bank. As a result, it is taking three days to catch the theft."

The hackers devised another strategy to buy more time. Once they had withdrawn the money from the Federal Reserve Bank, they had to send it somewhere.

They sent the money by wire transfer to Manila, the capital of the Philippines. And there, Monday, February 8, 2017 was a national holiday for the first day of the lunar year.

In all, the time differences between Bangladesh, New York and the Philippines gave the hackers five days to move the stolen money.

They had plenty of time to work out the timing of the hack, because the Lazarus Group had been working inside Bangladesh Bank's computer system for more than a year.


In January 2015, an email was sent to several officers and employees of Bangladesh Bank. The email came from a job seeker named Russell Ahlan.

A CV and a cover letter were attached to the email with his sincere request.

In reality there is no one by this name. The FBI found in their investigation that the Lazarus group created the name.

At least one employee of Bangladesh Bank stepped into this trap, and downloaded and opened the CV. The virus hidden inside it spread first to his computer, then to the bank's systems. The Lazarus Group then began moving from one computer to another, working their way towards the bank's digital vault and the billions of dollars in funds.

But if they had been inside the banking system since sending the emails a year earlier, why did they wait so long to steal the funds? Why did they take the risk of leaving the virus in place for a year? Because they needed time to prepare the routes for moving the money once it was stolen.


Jupiter Street in Manila is a busy area. Next to an eco-hotel and a dental surgery office there is a branch of RCBC Bank, one of the largest banks in the country.

In May 2015, a few months after the hackers entered the Bangladesh Bank system, hacker associates opened four accounts here.

There were a number of suspicious signs, which were only caught after the incident. For example, the driver's licenses used to open the accounts were fake, and although the applicants for the four accounts were identified as employees of different organizations, they all had the same position and salary. But no one noticed these things at the time.

For the next few months, there was no transaction in these accounts except for the first deposit of 500. At that time the hackers were moving forward with their other plan.

In February 2016, the hackers successfully hacked the Bangladesh Bank account and paved the way for the withdrawal of money. But even then, there was one last obstacle in their way. That is the printer on the tenth floor of the building.

Bangladesh Bank has a paper-based system for keeping records of all types of transactions in their accounts. This saves a printed copy of any transaction.

As a result, the print of the dollar transaction can instantly detect the activities of the hackers.

 



After clearing the way, the hackers started transferring money at 8:38 pm on Thursday. In 35 transactions totalling $951 million, they began to transfer almost all the money from the Bangladesh Bank account at the Federal Reserve Bank of New York.

The hackers had almost removed this huge amount, but, as in a Hollywood movie, they got stuck because of a small mistake.

When Bangladesh Bank came to know about the theft of dollars at the end of the weekly holiday, at first they did not understand what had really happened. The Governor of Bangladesh Bank knew about Rakesh Asthana and his organization, World Informatics. He called him and asked for help.

At the time, Asthana says, the governor thought he could recover the stolen money. As a result, he kept the hacking incident a secret, not only from the public, but also from his own government.

Asthana, however, discovered how deep the hacking had gone. He saw that the hackers had been able to break into a major system at Bangladesh Bank, called Swift. Thousands of banks around the world use this system to transfer money to each other electronically.

The hackers did not take advantage of any flaws in the Swift system, nor did they need to, because the hackers presented themselves to the Swift software as bank employees.

It soon became clear to Bangladesh Bank officials that the transactions could not be reversed quickly. Some of the funds had already gone to the Philippines, where authorities said a court order would be needed to claim the money. Court orders are public information. As a result, when Bangladesh Bank filed the case at the end of February, the whole story came out and spread all over the world.

The consequences for the Bangladesh Bank Governor were much more immediate. "He was told to resign," Asthana said. "I've never seen him since."

US Congresswoman Caroline Maloney can clearly recall the day when she first came to know about the theft of Bangladesh Bank.

"I was walking out of Congress to the airport and reading about the theft. It was a shocking, horrific, horrific event, probably the most frightening thing I've ever seen in the financial market."

As a member of the Congressional Committee on Economic Services, Maloney saw the wider implications. Swift carries hundreds of billions of dollars in transactions around the world, and such a hack could destroy confidence in the system.

She was particularly concerned about the involvement of the Federal Reserve Bank. "They're the New York Fed, they're usually very cautious. So how did such a transaction happen?"

Maloney contacted the Federal Reserve Bank, and an employee explained to her that most of the money transfer orders had been held back by coincidence, because of a very small detail.

The bank to which the hackers wanted to transfer $911 million is located on Jupiter Street in Manila. There are hundreds of banks in Manila, but the hackers chose this one, and that is why they lost billions of dollars.

"The transactions are blocked by the Fed ... because the word Jupiter was used in the address of a transfer order, which is also the name of an Iranian ship on the sanctions list," said Caroline Maloney.



The use of the word Jupiter triggered a warning on the Federal Reserve's automatic system. As a result, the transfer orders were reviewed and most were suspended. But not all were stopped. Five transactions got past this barrier, for a total of $101 million.

Of this, $20 million went to the Shalika Foundation, a Sri Lankan charity. The hackers' associates had also planned to use it for money laundering. (However, its founder, Shalika Pereira, said she thought it was a legitimate donation.)

But even here a small detail stood in the way of the hackers' plans. The hackers misspelled the word "foundation". A very careful bank employee spotted the mistake and the transaction was stopped.

As a result, the hackers were able to steal $81 million. This was far less than the hackers had planned, but it was a big blow for Bangladesh, where one in five people live in poverty.

During this time Bangladesh Bank started various efforts to bring back the stolen money. But hackers have already taken action, leaving the money out of reach.

On Friday morning, February 5, the four accounts that had been opened at RCBC Bank's Jupiter branch in Manila suddenly came to life.

"You then want to keep the money transaction route as foggy and vague as possible."


The money was moved between multiple accounts, sent to a currency exchange institution, converted into local currency and re-deposited in the bank accounts. Some of the funds were withdrawn in cash.

Money laundering experts say the meaning of this behavior is clear.

"You have to show that all the money earned through crime is legitimate and show that it came from a legitimate source, no matter what you do next," says Moira Ruehsen, director of the Financial Crime Management Program at the Middlebury Institute of International Studies in California.

Investigators can still find out the previous history of financial transactions. As a result, if history is to be completely erased, it has to be taken out of the banking system.

In the very heart of Manila is a huge white stone palace, 'Solair', which has a hotel, a huge theater and expensive shops, but its biggest attraction is a huge casino. Mohamed Cohen, acting editor of Inside Asian Gaming Magazine, says many gamblers come to Manila to gamble because of the ban on gambling in China, and Solair is "one of the most elite casinos in Asia."

"Its design is really great compared to anything else in Southeast Asia. There are 400 gaming tables and 2,000 machine slots. "

This is the next step in the transaction of money stolen by the hackers of Bangladesh Bank.


Of the $61 million they brought to RCBC Bank, $50 million was transferred to accounts at Solair and another casino, Midas.

(What happened to the remaining $31 million? According to the Philippine Senate Committee of Inquiry, the money was given to a Chinese man named Xu Weikang, who left the city on a private jet and has not been heard from since.)

The reason for using the casinos is that they break the money's traceable history. Once the stolen money has been converted into casino chips, gambled at the tables and then converted back into cash, it is impossible for investigators to trace its history.

But is there any risk? Were the thieves at risk of losing all the money at the casino gambling table? Absolutely not.

First, instead of playing in public at the casino, these thieves book private rooms. There they sit at the gambling table to play with their allies. As a result, they have complete control over the whole matter.

Second, with the stolen money, they played a simple card game called baccarat, which is very popular in Asia.



There are only two outcomes to bet on in this game. As a result, an experienced player can win back 90 percent or more of the money bet. This is a great result for money launderers, who often have to settle for less than that.

As a result, criminals can put the stolen money through the casino and get most of it back, although it takes a lot of time and the players and bets have to be managed very carefully. For weeks, the gamblers laundered their money inside the casinos.

During this time Bangladesh Bank was trying to catch the thieves. Its officials visited Manila and traced the history of the money transactions. But when the trail led to the casinos, they hit a solid wall.

At the time, casinos in the Philippines were not subject to money laundering laws. As far as the casino owners knew, the legitimate owners deposited money in the casino and had the right to spend whatever they wanted at the gambling table. (Solair Casino authorities said they had no idea there was stolen money and were assisting authorities.)

Midas declined to comment.

Bank officials were able to recover $16 million from Midas Casino owner Kim Wang. Charges were brought against him but were later dropped. The remaining $34 million was gone. According to investigators, its next destination brought it closer to North Korea.



Macau, like Hong Kong, is an autonomous territory of China. Like the Philippines, it is a gambling paradise and has some of the most famous casinos in the world. It has long-standing ties with North Korea.

It was here in the early 2000s that North Korean officials were caught passing high-quality counterfeit $100 notes, the so-called super dollars, which U.S. officials believe were printed in North Korea.

The local bank through which the money was smuggled has been placed on the US sanctions list due to its links to Pyongyang.
In 2006, Japanese officials switched the Super Dollar four times to detect counterfeiting.


The spy who planted a bomb on a Korean plane in 198, killing 115 passengers, was trained in Macau. Kim Jong-un's half-brother, Kim Jong-un, lived in Macau while in exile and was later assassinated in Malaysia, a killing many believe was carried out at the behest of the North Korean leader.

As the dollars stolen from Bangladesh Bank were laundered through the Philippines, many connections to Macau emerged. Several of those who laundered the stolen money at the gambling tables of Solair Casino came from Macau. The companies that booked private rooms at the casino included at least two Macau-based establishments.



Investigators believe most of the stolen money was brought to this small Chinese territory, and then to North Korea.

NASA space camera images of the night show North Korea as a black hole, as most parts of the country do not have electricity, in stark contrast to South Korea. South Korea lights up all day and all night.

According to the CIA, North Korea is one of the 12 poorest countries in the world, with a per capita income of 1,800 a year, less than Sierra Leone and Afghanistan.

But as it turns out, North Korea has given birth to the bravest and smartest hackers in the world.

Looking back at the Kim family, North Korea's leaders since 1948, one can understand why they started building elite cyber-fighter units.

Although the founder of the Democratic People's Republic of Korea (DPRK), Kim Il-sung, officially called the country's political ideology socialism, it actually runs like a monarchy.

His son, Kim Jong-il, relied on the military as his center of power and provoked the United States with ballistic missiles and nuclear weapons. According to U.S. authorities, the regime resorted to illegal methods to fund these activities, including highly sophisticated super dollar counterfeiting.

Nuclear weapons a 'precious sword'

Kim Jong-il also incorporated cyber technology into the country's strategy. The Korea Computer Center was launched in the country in 1990. It is at the center of the country's IT activities.

In 2010, when Kim Jong-un, the third son of Kim Jong-il, began to be recognized as the successor to power, the ruling apparatus began to introduce their future leader as a champion of science and technology. The aim of the campaign was to gain the loyalty of a new generation of young people and to inspire them to work as warriors with new tools.

Since coming to power in 2011, the young Kim has described nuclear weapons as a "valuable sword", but he also needs funding to continue the program. But after the first test of a nuclear weapon and the test of a long-range missile in 2006, the UN Security Council imposed strict sanctions, making it even more difficult.

U.S. officials believe that cyber hacking is one of the ways in which it can solve this funding problem.

But even with the help of science and technology, North Koreans do not have the opportunity to be directly connected to the world's Internet. Because then the people of the country will be able to see what the world really is like outside the borders of their country and will have the opportunity to know a whole different kind of information about their government outside of government statements.

As a result, those in power send the most talented computer programmers abroad, mostly to China, to train as cyber fighters.

There they learn how computers and the Internet are used in shopping, gambling, networking and entertainment around the world. Experts say that's where they transform from math-talented youngsters to hackers.

It is thought that a large proportion of these young people live and work in North Korean-run centers inside China.

"They are very good at covering their footprints, but sometimes, like any other criminal, they leave some traces or evidence behind," said Kyung-Jin Kim, the former FBI chief in Korea, who is currently working as a private investigator in Seoul. "We can identify their IP address and find out their location."

The trail led investigators to a simple hotel in Shenyang, northeast China, with a pair of stone tigers carved in front of it, a symbol of Korean tradition. The hotel is named after Chilbosan, a well-known mountainous area in North Korea.

Pictures of the hotel, posted on hotel review website Agoda, show Korean architecture, colorful beds, and North Korean-style food, with waitresses singing and dancing for their customers.

It's a very familiar place to detectives, says Kyung-Jin Kim. They suspect that the North Korean hackers were operating from Chilbosan when they first appeared on the world stage in 2014.

In Dalian, another Chinese city where Park Jin-hook is thought to have lived for nearly a decade, there is a community of computer programmers who live and work there in the style of North Koreans, says Hyun-Seung Lee, a fugitive from Korea.

Lee was born and raised in Pyongyang but lived in Dalian for many years, where his father did business for the North Korean government and had many contacts. However, in 2014, the family changed sides.



When he lived there, there were more than 500 North Koreans living in the port city next to the Yellow Sea.

At least 60 of them were computer programmers, mostly young. Lee says he met them when North Koreans gathered on national holidays, such as Kim Il-sung's birthday. One of them invited Lee to their place of residence. There, Lee saw at least 20 young people in one place. Four or six people lived in each room. They had turned the front sitting room into something like an office, with countless computers.

They showed Lee what they were making: mobile phone games, which were sold through brokers to South Korea and Japan, earning them 1 million a year.

Although North Korean security officials keep an eye on them, these young people lead relatively independent lives.

"Although there are restrictions, they have a lot more freedom than North Korea, they have access to the internet and can watch some movies," Lee said.

After living in Dalian for eight years, Park Jin-hook is believed to have become anxious to return to Pyongyang. In 2011, the FBI spotted an e-mail in which he mentioned his interest in marrying his girlfriend. But he has to wait a few more years to do that.



The FBI says his superiors set another mission for him: carrying out a cyber attack on one of the world's largest entertainment companies, Sony Pictures Entertainment in Hollywood, California.

In 2013, Sony Pictures announced that their new film, starring Seth Rogen and James Franco, would be shot in North Korea.

In the film's story, Franco plays a talk-show host and Rogen his producer. They go to North Korea to interview Kim Jong-un, and the CIA persuades them to kill him.

North Korea threatened to retaliate against the United States if Sony Pictures released the film. In November 2014, hackers sent several emails to company bosses. The hackers, calling themselves the Guardians of Peace, threatened to inflict huge damage.

Three days later, a frightening blood-skeleton with glowing eyes appeared on the computer screens of the organization's employees. The hackers kept their word.

Officers' salaries, personal emails and information about films that had not yet been released were leaked online. All of the company's activities were shut down until its computers were virus-free. Employees could not even use their passes to enter the office or use the printers. For a whole six weeks, a coffee shop there could not take any credit card payments.

Sony had initially planned to release the film, called 'Interview', but when the hackers started threatening physical attacks, the release was scrapped.



Leading movie chains announced that they would not show the film. As a result, the movie was released digitally and in a few independent theaters.

The attack on Sony Pictures can be seen as a practice run for the 2016 attack on Bangladesh Bank.

Bangladesh is still trying to recover the stolen six and a half crore dollars. The country's central bank has taken legal action against more than a dozen individuals and entities, including RCBC Bank, although they have denied any violation of the law.

But for all the skill with which Bangladesh Bank's money was stolen, how satisfied would the ruling regime in Pyongyang have been?

After all, the plan initially targeted hundreds of millions of dollars, but in the end it yielded only a few million dollars.

Hackers have spent millions of dollars to navigate the world’s banking system and brokers have also had to pay millions of dollars.

According to US officials, North Korea will take new steps to avoid such losses in the future.

In May 2016, the WannaCry ransomware spread across the Internet like wildfire, scrambling victims' files and prompting many to pay thousands of dollars in ransom using Bitcoin to retrieve their information.

Britain's National Health Service was badly hit in the attack, including its accident and emergency departments. Urgent cancer appointments had to be rescheduled.

Working closely with the FBI, investigators from the UK's National Crime Agency analyzed the code and found similarities with the viruses used in the Bangladesh Bank and Sony Pictures attacks. The FBI then added these charges against Park Jin-hook.

If the FBI's allegations are true, then it must be understood that North Korea's cyber army has now begun to adopt cryptocurrencies. This is an important development for them, as these new technologies are used to bypass the traditional banking system.


North Korean hackers target cryptocurrencies like Bitcoin

As a result, the hackers may now be able to do their work without paying middlemen or brokers.

WannaCry was just the beginning. Technology experts blame North Korea for a number of cryptocurrency attacks in the following years. They say North Korean hackers are targeting the exchanges where cryptocurrencies like Bitcoin are converted into conventional currencies. Some estimate that in total they have taken more than two billion dollars from these exchanges.

Such allegations keep coming. Last February, the U.S. Department of Justice alleged that the Lazarus Group was active from Canada to Nigeria, in crimes such as computer hacking, global money laundering and virtual currency theft.

If these allegations are true, then it must be understood that many people have underestimated North Korea's technical skills and their dangers.

At the same time, their ability is a warning to our increasingly connected world. Our fragility in the face of what security analysts call an 'asymmetric threat' shows that a small group using its power in this way can pose a far greater threat to us than its size suggests.

Investigators are trying to figure out how a small, poor country is quietly sneaking into rich and powerful bank accounts and email boxes thousands of miles away. This access opportunity threatens the economic and professional lives of their victims, as well as tarnishing their image.

This is a new battlefield in front of the world. This fight is against a vicious alliance of crime, espionage and abuse of state power, which is spreading very fast.

(Geoff White is the author of Crime.com: From Viruses to Vote Rigging, How Hacking Went Global. Jean H. Lee opened the first bureau of the Associated Press in Pyongyang. She is now a Senior Fellow at the Wilson Center in Washington DC.)

Looking back

Reserve theft: Bangladesh Bank case after nearly three years, accused Philippine banks and bankers


Bangladesh has finally filed a lawsuit over the theft of its foreign currency reserves three years ago.

Dozens of people, including Rizal Bank of the Philippines and its senior officials, have been charged in the case, according to Reuters.

The complaint alleges that the bank and these individuals were involved in a "large-scale and highly complex scheme for many years" to steal reserve money.

Bangladesh Bank says the money was stolen with the help of some unidentified North Korean hackers. The hackers were able to enter the network using malware called 'Nestegg' and 'Macktruck'.

According to the complaint, the stolen money was transferred using Rizal Bank accounts in New York and the Philippines. The money was later laundered through casinos.

However, Rizal Bank of the Philippines has not yet commented on the case filed by the Central Bank of Bangladesh.

On Wednesday, they simply said they welcomed the lawsuit because they thought it was an opportunity to record that the bank had been the victim of an activity initiated by an unknown person in Bangladesh.

The incident began in 2016 when the Federal Reserve Bank of New York received an automated order to release $61 million.


Rizal Bank fined a record 19 million
The money later went to four fake accounts at a Rizal Bank branch in Makati, Philippines, and was quickly withdrawn.

Later, only fifteen million dollars of the stolen money was recovered. Of the money stolen from Bangladesh Bank's reserves, 48 million 30 thousand dollars has been returned by Mr. Ang.

Manila-based Rizal Bank has repeatedly said the theft took place inside Bangladesh's central bank.

Bangladesh Bank Governor Fazle Kabir said they had signed an agreement with the New York Fed to co-operate in the case. However, a New York Fed spokesman declined to comment.

The hackers originally removed 100 million from the reserve, of which 20 million was sent to a Sri Lankan account but was returned due to a spelling mistake.

The remaining 81 million went to casinos in the Philippines. Of this, about 15 million was recovered by the Philippine authorities, but the rest has not been settled.

At the same time, a court on January 10 convicted Maya Deguito, an official at the Rizal Bank branch through which the money was withdrawn, and sentenced her to 32-58 years in prison and a 101 million fine.

The central bank of the Philippines had earlier fined Rizal Bank a record 19 million for failing to stop the theft through the bank. Now Bangladesh Bank has also filed a case in a New York court accusing Rizal Bank and its officials.

 

Reserve theft: Why are those involved not being identified?


The agency investigating the theft of money from Bangladesh Bank's reserves through cyber fraud has not been able to find out who was involved in the hack, which caused a stir at banks all over the world.

No statement has been received from CID and Bangladesh Bank in this regard. The question now is whether this delay in identifying the culprits is creating an opportunity for the criminals to get protection.

Although the theft of money took place in the first week of February 2016, Bangladesh Bank kept it a secret for almost a month. The then Governor, Dr. Atiur Rahman, had to resign over it.

However, the investigation report did not see the light of day. In the context of this investigation, Bangladesh Bank has not opened its mouth about what action has been taken internally.

After several contacts, the bank's deputy governor Abu Hena Razi Hasan said, "Nothing can be said until the investigation is over. Because our CID is investigating it now."


The company has so far taken more than 20 hours to court.
The head of the investigation committee formed by the government on the theft of money from the reserve was the former governor of Bangladesh Bank, Mohammad Farasuddin.

In his investigation, the names of some people of Bangladesh Bank have come up as suspects in the incident. However, he said, it is the responsibility of CID to identify those who are really involved in the incident.

"Our investigation is not a criminal investigation. It is an administrative one. If the criminal investigation shows that the names of those who came are not understood, or for profit. It is better for the CID to investigate this part soon."

However, the reality is that the CID's investigation is not over yet. The agency has so far taken more than 20 hours to complete the investigation.

The people involved in the investigation are also indicating that it will not end soon. However, no CID official has agreed to make any official comment in this regard.
"The Philippine government has filed a lawsuit to seize the assets of those through whom the money went. The lawsuit is still ongoing. We are now working on how to get the money back as soon as possible."

Given the various complications in recovering the money, the question of taking the case to the International Court of Justice has been raised, but for the time being Bangladesh Bank wants to get the lost money back through compromise without going to court.


Reserve theft: How hackers removed money from Bangladesh Bank 'for job'


From 2014, hackers carried out online research on several commercial banks in the country as well as on Bangladesh Bank, the central bank of Bangladesh. Later, on February 4, 2016, they were able to steal 101 million from the Bangladesh Bank account kept in the Federal Reserve Bank of New York.

The US Federal Bureau of Investigation (FBI) has provided an explanation for the theft. The FBI has provided this explanation in a criminal case document in California District Court in the United States.

Although the incident of reserve theft caused a stir all over the world, the investigation report was not released by Bangladesh.

However, according to the documents of the US intelligence agency, hackers have been targeting various banks in Bangladesh since October 6, 2014.

The FBI blames a North Korean national, Park Jin Hyok, for several cyber attacks around the world, including the one on Bangladesh Bank.

The agency has learned from examination of Bangladesh Bank's digital equipment and from electronic evidence that hackers used four email accounts to infiltrate the system to steal reserves.

They are: watsonhenny@gmail.com, yardgen@gmail.com, and two related accounts, rasel.aflam@gmail.com and rsaflam@gmail.com. The FBI claims that these accounts sent similar messages to Bangladesh Bank officials asking about job opportunities.


As if from job candidates, applications started arriving in the email inboxes of various Bangladesh Bank officials in early 2015. Details with a birth certificate or CV and a cover letter were to be expected from the 'applicants'.

However, the fact that these were not for employment at all has been proved after the theft of the reserves of Bangladesh Bank.

The copy of the email, which was reported in the FBI report, is as follows:

I'm Russell

I am very excited to be a part of your organization and hope to be able to share my details with you through a personal interview.

Here is my resume and cover letter. Resume and cover letter file <http://www.[DOMAIN REDACTED].com/CFDOCS/Allaire_Support/rasel/Resume.zip>

Thank you in advance for your time and consideration.


Why such a message?

According to FBI documents, many similar 'spear phishing' emails were sent from all of these email accounts in order to gain initial access to Bangladesh Bank's computer network.

Spear phishing emails are mainly used to deceive and defraud.

According to the document, after online research on job cover letters and on hacking PDF files, a message was sent from the gmail address yardgen@gmail.com to the email addresses of 18 officials of Bangladesh Bank on January 29, 2015.

Each message carried a link, provided by the hackers, to a 'Resum.zip' file presented as a job application.

On February 23 of that year, two emails with the same message were sent from the same email address to 10 people at the central bank. They contained a link that, if clicked, led to another website.

According to the FBI, one email sent from this address went to the address of a person using Bangladesh Bank's own email (ending in bb.org.bd).

On January 26, an anonymous person did further online research on the email addresses of six officials of Bangladesh Bank and of various bankers in Bangladesh. The FBI claims that the man opened his Facebook account using the email agena316@gmail.com, from where a 'spear phishing' email message was sent to hack Sony Pictures Entertainment and AMC Theater.


Three IP addresses were programmed
Later, on August 11, a similar email was sent from rsaflam@gmail.com to another bank in Bangladesh. But here the file name at the end was written 'Resume.zip'. This email address is registered as 'Russell Ahlam'.

On the same day and the next day (August 11 and 12), this 'spear phishing' email was sent to the email addresses of 25 officials of different banks in Bangladesh. However, the link that was given in these emails was written 'Resume and cover letter'.

According to the FBI's forensic report, between January 29 and February 24, 2015, attempts were made from at least three Bangladesh Bank computers to download the 'Resum.zip' file linked in the emails from the address yardgen@gmail.com.
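The campaign described above has a shape a mail gateway can look for: one outside sender mailing an archive link to many staff in a short time. The following is an added example, not code from the FBI document or the bank; the log format, the `bank.example` domain, the thresholds and every sample record are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

INTERNAL_DOMAIN = "bank.example"        # assumption: placeholder for the bank's domain
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".iso")

def find_fanout(records, min_recipients=5, window=timedelta(hours=24)):
    """Return {sender: recipient_count} for external senders that mailed an
    archive link to at least min_recipients internal addresses within window.
    Each record is 'ISO-time|sender|recipient|url' (hypothetical log format)."""
    hits = defaultdict(list)             # sender -> [(time, recipient)]
    suffix = "@" + INTERNAL_DOMAIN
    for line in records:
        ts, sender, rcpt, url = line.split("|", 3)
        sender, rcpt = sender.lower(), rcpt.lower()
        if sender.endswith(suffix) or not rcpt.endswith(suffix):
            continue                     # only inbound mail from outside
        if urlparse(url).path.lower().endswith(ARCHIVE_EXT):
            hits[sender].append((datetime.fromisoformat(ts), rcpt))
    flagged = {}
    for sender, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # distinct recipients reached within the window starting here
            seen = {r for t, r in events[i:] if t - start <= window}
            if len(seen) >= min_recipients:
                flagged[sender] = max(flagged.get(sender, 0), len(seen))
    return flagged

# Constructed sample records (not real mail logs).
SAMPLE = [f"2015-01-29T09:{m:02d}:00|applicant@mail.example|officer{m}@bank.example|"
          "http://files.example/rasel/Resume.zip" for m in range(6)]
SAMPLE += [
    "2015-01-29T10:00:00|vendor@supplier.example|officer1@bank.example|"
    "https://supplier.example/invoice.pdf",
    "2015-01-30T10:00:00|friend@mail.example|officer2@bank.example|"
    "https://files.example/photos.zip",
]

if __name__ == "__main__":
    print(find_fanout(SAMPLE))
```

A single archive link to one colleague is not flagged; the signal is the fan-out from one outside address.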

Thus, the malware sent by email had successfully entered the network of Bangladesh Bank by March. There it communicated over a 'fake TLS (Transport Layer Security)' channel, so that it did not look as if anyone had infiltrated the network.

This malware was able to transfer files, create zip files. FBI documents say the malware was programmed with three IP addresses.
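One way a defender can catch 'fake TLS' traffic is to check that a stream which starts like TLS also parses as a well-formed handshake. This is an added example, not code from the FBI document or from any tool named here; it assumes fake TLS means a TLS-style record header in front of a non-TLS body, and the function name and sample bytes are constructed.

```python
import struct

def check_client_hello(payload: bytes) -> str:
    """Classify the first client bytes of a reassembled port-443 stream.
    Assumes the whole ClientHello sits in one TLS record (the usual case)."""
    if len(payload) < 5:
        return "not-tls"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype != 0x16 or major != 0x03 or minor > 0x04:
        return "not-tls"                      # no TLS handshake record header
    body = payload[5:5 + rec_len]
    try:
        if len(body) != rec_len:
            raise ValueError("record shorter than its length field")
        hs_len = int.from_bytes(body[1:4], "big")
        if body[0] != 0x01 or hs_len != rec_len - 4:
            raise ValueError("not one complete ClientHello")
        pos = 4 + 2 + 32                      # handshake header, version, random
        pos += 1 + body[pos]                  # session_id
        suites_len = int.from_bytes(body[pos:pos + 2], "big")
        if suites_len == 0 or suites_len % 2:
            raise ValueError("bad cipher_suites length")
        pos += 2 + suites_len
        comp_len = body[pos]
        if comp_len == 0:
            raise ValueError("no compression method")
        pos += 1 + comp_len
        if pos < rec_len:                     # optional extensions block
            pos += 2 + int.from_bytes(body[pos:pos + 2], "big")
        if pos != rec_len:
            raise ValueError("fields do not add up to the record length")
    except (ValueError, IndexError):
        return "suspicious-fake-tls"          # TLS-looking header, non-TLS body
    return "valid-client-hello"

# Constructed samples (not captured traffic).
_hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
_hs = b"\x01" + len(_hello).to_bytes(3, "big") + _hello
REAL = b"\x16\x03\x01" + len(_hs).to_bytes(2, "big") + _hs
FAKE = b"\x16\x03\x01\x00\x20" + bytes(range(0x80, 0xA0))
PLAIN = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, data in (("REAL", REAL), ("FAKE", FAKE), ("PLAIN", PLAIN)):
        print(name, check_client_hello(data))
```

Streams flagged this way are worth correlating with the destination address, since the report says the malware was programmed with a small fixed set of IP addresses.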

One year later, on January 29, 2016, before the money was moved through fraud, some lateral movement started inside the bank's network. One of these moves was towards Bangladesh Bank's SwiftLive system.

This system is a major part of the bank's Swift process. It used the Swift Alliance Access application, which was a gateway managed by Swift customers. It basically exchanges messages to carry out financial transactions.

On accepting a Swift message, the application could record a copy of the message locally, format it as a file, print it to a printer, or create a separate database with more information.


The way hackers spread cyber fraud network in various financial institutions

They tried to log in at least four times while trying to access the Bangladesh Bank computer hosting the SwiftLive system. Although they successfully deleted those records, some of the evidence remained and came up in the forensic report.

The hackers were able to infiltrate the bank's computer terminal and send Swift messages, as if it were sent from Bangladesh Bank's own computer system.

Each Swift message instructed the US Federal Reserve Bank of New York to send Bangladesh Bank's reserve money in dollars to certain accounts in the Philippines and Sri Lanka.

Accounts were opened in the Philippines in May 2015 in the names of some fake people, and 81 million US dollars were sent to those accounts. Fake names and real bank account numbers were given in the Swift messages sent from the system of Bangladesh Bank.

Later, on February 7, 2016, hackers used malware called evtdiag.exe to delete some messages from the Swift server.

The previous day (February 5) the server was shut down by Bangladesh Bank. As a result, when the server resumed the next day, the malware failed to delete all messages. And the evidence left by the hackers 'inadvertently' came to light.

According to FBI documents, the hackers used similar technology in the case of Sony Pictures Entertainment (SPE), and many banks in Vietnam, the Philippines, Africa, and Southeast Asia.

The devices were again controlled from North Korea's IP address, according to the BBC.

 

